CN105277871A - Method and apparatus for detecting fault injection - Google Patents
Method and apparatus for detecting fault injection Download PDFInfo
- Publication number
- CN105277871A CN105277871A CN201510314369.4A CN201510314369A CN105277871A CN 105277871 A CN105277871 A CN 105277871A CN 201510314369 A CN201510314369 A CN 201510314369A CN 105277871 A CN105277871 A CN 105277871A
- Authority
- CN
- China
- Prior art keywords
- error injection
- out network
- high fan
- signal
- signal level
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01R—MEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
- G01R31/00—Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
- G01R31/28—Testing of electronic circuits, e.g. by signal tracer
- G01R31/317—Testing of digital circuits
- G01R31/31719—Security aspects, e.g. preventing unauthorised access during test
-
- H—ELECTRICITY
- H01—ELECTRIC ELEMENTS
- H01L—SEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
- H01L23/00—Details of semiconductor or other solid state devices
- H01L23/57—Protection from inspection, reverse engineering or tampering
- H01L23/576—Protection from inspection, reverse engineering or tampering using active circuits
-
- H—ELECTRICITY
- H03—ELECTRONIC CIRCUITRY
- H03K—PULSE TECHNIQUE
- H03K19/00—Logic circuits, i.e. having at least two inputs acting on one output; Inverting circuits
- H03K19/003—Modifications for increasing the reliability for protection
Abstract
An apparatus for detecting fault injection includes a high-fanout network, which spans an Integrated Circuit (IC), and circuitry. In some embodiments, the high-fanout network is continuously inactive during functional operation of the IC, and the circuitry is configured to sense signal levels at multiple sampling points in the high-fanout network, and to identify a fault injection attempt by detecting, based on the sensed signal levels, a signal abnormality in the high-fanout network. In some embodiments, the circuitry is configured to sense signal levels at multiple sampling points in the high-fanout network, to distinguish, based on the sensed signal levels, between legitimate signal variations and signal abnormalities in the high-fanout network during functional operation of the IC, and to identify a fault injection attempt by detecting a signal abnormality.
Description
Technical field
The embodiment of the present invention relates to a kind of protection of electronic circuit, and relates to a kind of method and system detecting error injection and attack especially.
Background technology
Error injection is attacked (FaultInjectionAttack) and is used to access, analyze or obtain the class technology from the information of safe electronic circuit (such as: cryptochannel).Error injection is attacked and usually can be made the mistake in circuit, such as: by material contact to signal wire, by high power radium-shine or electromagnetic pulse or by causing surging at power supply unit or other external interfaces.This mistake is expected and circuit can be caused to export sensitive information, or assistance assailant infiltrates the information stored by circuit or circuit.
Have in known skill and be variously used for detecting and the technology suppressing error injection to be attacked.Such as U.S. Patent application the 2011/0029828th publication number, its content is also merged in herein as reference at this, which depict the circuit of the error injection detected in integrated circuit.This circuit comprises at least one logical blocks and isolation block.Logical blocks is in order to perform the logic function of integrated circuit, and isolation block couples to receive pending signal and isolation enable signal, and isolation enable signal points out a function phases and a detection-phase of logical blocks.During function phases, pending signal is applied at least one input of logical blocks by isolation block, and during detection-phase, applies the input of a constant value to logical blocks.Detect the state of block in order to the output signal of monitoring logic block during detection-phase, and the generation alarm signal when the state of contingency output signal has any change.
The content of U.S. Patent application the 2007/0075746th publication number is also merged in herein as reference at this, which depict the technology detecting surging in secure microcontroller.A kind of device contains multiple macroelement (Macro-cells), and these macroelements are formed by the logical block that can perform one or more function.This device also comprises a clock pulse tree, and tree can receive clock signal and provide at least portion of clock signal to be copied to each macroelement this clock pulse.Clock pulse sets the region branch be included in each macroelement, and wherein each region branch can provide at least a clock signal copied.In addition, this device contains at least one surging testing circuit, the surging in one or more clock signal copied that its region branch can detected in macroelement provides.
The content of U.S. Patent application the 2009/0315603rd publication number is also merged in herein as reference at this, which depict the technology of the interference of the state detecting at least one the first flip-flop, the group that this at least one first flip-flop is formed from multiple first flip-flops of an electronic circuit.The respective output of the first flip-flop in group has nothing to do with their functional object, these export and combined to provide the anti-phase of signal signal therewith, and triggering two the second flip-flops, this little second flip-flop has the data be forced to equal state and inputs.The respective output of the second flip-flop is combined to provide the result of detection.One pulse signal includes a pulse, and this pulse is at least each triggering edge for one of them the first flip-flop in a group, and this pulse signal can initialization second flip-flop.
The content of U.S. Patent application the 2005/0235179th publication number is also merged in herein as reference at this, which depict and avoids error injection to the device in the synchronous flip-flop of basic logic module in order to protection.One logical circuit comprises a logic module, and this logic module includes a functional synchronous flip-flop, and this functional synchronous flip-flop receiving function result also provides synchronized result, and wherein this functional outcome includes multiple parallel bit.Module in order to the integrality of audit function flip-flop includes the first encoded block, the second encoded block, checks synchronous flip-flop and comparer.First encoded block receiving function result and provide first yard.Second encoded block receives synchronized result and provides second code.Check that synchronous flip-flop receives first yard and provides third yard.Comparer compares second code and third yard provides the first rub-out signal.
The content of korean patent application KR101352149B publication number is also merged in herein as reference at this, it describes the circuit utilizing the impact damper in reset signal path to carry out detecting optical error injection, and this circuit can utilize the impact damper in the reset signal line being present in and resetting required for chip to carry out detecting optical error injection.This circuit includes the multiple detecting units be formed in a path of a reset signal, and this reset signal is transferred into each flip-flop comprising digital circuit, and digital circuit is used to detect external optical error injection.This circuit also includes signal collection unit, becomes an output in order to collect the output of detecting unit, and when the signal in any detecting unit changes, change is changed in resolution.This circuit also includes a detection signal generation unit, and the signal exported in order to detect detecting unit changes, and produces optical errors injection detection signal by the input of signal collection unit.
Summary of the invention
Embodiments of the invention described herein provide a kind of device detecting error injection, and it comprises high fan-out (Fanout) network and Circuits System.High fan-out network is throughout an integrated circuit and not start constantly during the feature operation of integrated circuit.Circuits System is configured to the signal level sensing multiple sampling spot in high fan-out network, and detects the abnormal signal in high fan-out network based on sensed signal level, injects attempt (Attempt) with identification error.
In certain embodiments, one or more electronic component is planted in paramount fan-out network.Wherein electronic component has the first sensitivity and the second sensitivity.First sensitivity is configured to transition to not actuator state.Second sensitivity is greater than the first sensitivity, and is configured to transition to actuator state.In one embodiment, high fan-out network comprises a test signal network.In an embodiment disclosed, Circuits System comprises at least one sensor, is configured to sense the signal level on plural sampling spot, and the signal level that merging senses is to produce the output of at least one sensor.
In other embodiments, Circuits System is configured to compare the signal level that two or more senses, and to be carried out detection signal by the difference between the signal level that compares abnormal by detecting.Usually, Circuits System be configured to integrated circuit operation at a normal manipulation mode time, sensing signal level and identification error inject attempt constantly.
In an exemplary embodiment, Circuits System is configured to other detection logical block from integrated circuit and receives at least one input.In other embodiments, another alarm that Circuits System is configured to provide at least one to export in integrated circuit is machine-processed, to respond the operation identifying error injection attempt.In another embodiment, Circuits System is configured to revise one or more signal level in high fan-out network, to respond the operation identifying error injection attempt.
According to embodiments of the invention, another device detecting error injection is also suggested, and contains high fan-out network and Circuits System.High fan-out network is throughout integrated circuit.Circuits System is configured to sense the signal level of multiple sampling spot in high fan-out network with during the feature operation of integrated circuit, differentiates reasonable signal variation in high fan-out network and abnormal signal based on the signal level sensed.Circuits System is also configured to extremely to carry out identification error by detection signal and injects attempt.
In certain embodiments, one or more electronic component is planted in paramount fan-out network.Electronic component has the first sensitivity and the second sensitivity.First sensitivity is configured to transition to not actuator state.Second sensitivity is greater than the first sensitivity, and for transition to actuator state.In certain embodiments, high fan-out network comprises handover network (slowtogglingnetwork) at a slow speed.In one embodiment, Circuits System comprises at least two sensors, is configured to sense the signal level on plural sampling spot, and the signal level that merging senses is to produce the output of at least one sensor.
In one embodiment, Circuits System is configured to compare the signal level that two or more senses, and to be carried out detection signal by the difference between the signal level that compares abnormal by detecting.In another embodiment, Circuits System is configured to identify one or more time interval, and in these time intervals, the signal level of high fan-out network is contemplated to stable.Only in the time interval be identified, just detection signal is abnormal for Circuits System.
In one embodiment, Circuits System is configured to other detection logical block from integrated circuit and receives at least one input.In one embodiment, Circuits System is configured to provide at least one to export another alarm mechanism in integrated circuit to, to respond the operation identifying error injection attempt.In another embodiment, Circuits System is configured to revise one or more signal level in high fan-out network, to respond the operation identifying error injection attempt.In certain embodiments, Circuits System is configured to carry out detection signal extremely by the surging detected at least one signal level sensed.
According to embodiments of the invention, a kind of method detecting error injection is also suggested, and comprises following steps.The signal level of the multiple sampling spots of sensing in high fan-out network.High fan-out network is throughout integrated circuit, and not start constantly during the functional operation of integrated circuit.By detecting the abnormal signal in high fan-out network based on the signal level at sampling spot, to identify error injection attempt.
According to embodiments of the invention, the another kind of method detecting error injection is also suggested, and comprises following steps.The signal level of the multiple sampling spots of sensing in high fan-out network, wherein high fan-out network is throughout integrated circuit.During the feature operation of integrated circuit, the reasonable signal differentiated in high fan-out network based on the signal level sensed makes a variation and abnormal signal.Error injection attempt is identified by detection signal is abnormal.
Accompanying drawing explanation
For above-mentioned feature and advantage of the present invention can be become apparent, special embodiment below, and coordinate appended accompanying drawing to be described in detail below.
Fig. 1 is the block schematic diagram illustrating safety integrated circuit according to one embodiment of the invention; And
Fig. 2 is the schematic flow diagram illustrating the method detecting error injection according to one embodiment of the invention.
Drawing reference numeral
20: integrated circuit
24: flip-flop
28: conducting wire
32: impact damper
40: root
44: end points
48: sensor
52: control module
60: select time step
64: sensing step
68: follow-up for anomaly step
72: reactions steps
Embodiment
General survey
Described hereinly embodiments provide the method and system after improvement, in order to detect or the error injection alleviated on the integrated is attacked.Disclosed technology detects error injection by the signal sensing high fan-out network and attacks, and wherein high fan-out network can be such as one scan enable signal network, and it is throughout most of integrated circuit.
In an example implementation, multiple sensor is coupled to respective sampling spot along the high fan-out network throughout integrated circuit.Control module is collected and is processed sensor and exports, and uses the abnormal signal detected in high fan-out network.When detecting that doubtful is when pointing out faults the exception injecting attempt, control module meeting alert trigger, or take some safeguard measures.
In certain embodiments, selected high fan-out network scatters a signal, and wherein during the normal functionality operation of integrated circuit, this signal is lasting and is unconditionally not start (Inactive).An example is one scan enable signal (being also called scanning shift), its not start in the normal operation period in test period start (Active).Because this kind of high fan-out network is often not start, therefore any exception detected can strong suspicion be all error injection attempt.Utilize so high fan-out network can make there is reliable detection in the normal operation period, and special fault detection mode need not be switched to.As long as the testing circuit of integrated circuit keeps start, just error-detecting can be carried out at any time, even when integrated circuit or partly integrated circuit generation resetting event.
In the embodiment that other disclose, during the norma functional operation of integrated circuit, selected high fan-out network can scatter a signal changed in time, such as, be active shielding (Active-Shield) signal.In these embodiments, control module understands the reasonable variation of resoluting signal and the doubtful variation being error injection and attempting.For example, control module can be found abnormal in the time interval that the high fan-out network of expection is stable, or compares for two of sensor network branch or the output of multiple sensor.
As mentioned above, disclosed technology finds extremely during the normal running of integrated circuit, and do not need the input such as controlling these circuit by switching to special fault detection mode.Thus, the protection of error injection can be given when needing most, such as: when handling sensitive data.Because high fan-out network is throughout most integrated circuit, therefore disclosed technology have very high probability to detect error injection is attempted.By utilizing it to be the already present high fan-out network that partly integrated circuit function designs, minimal hardware and consumes least power can be increased, reach the wide protection in integrated circuit region.
Below by multiple illustrative embodiments of the technology disclosed by description.The technology of other complementarities also can be described, and such as: the tie point designing high fan-out network by unbalanced mode, and this unbalanced mode makes these tie points responsive to error injection.
System describes
Fig. 1 is the block schematic diagram of the element illustrating safety integrated circuit 20 according to one embodiment of the invention.Integrated circuit 20 can comprise the integrated circuit of such as microprocessor, storage arrangement or other suitable type.
Integrated circuit 20 comprises functional Circuits System, namely realizes the circuit component of the appointed function of integrated circuit.In the example depicted in figure 1, this functional Circuits System comprises multiple flip-flop (Flip-Flop) 24.These flip-flop presentation function unit, and connect the leaf node (Leaves) (term of " leaf node " refers to end points branch or the circuit of network) of paramount fan-out network, and for illustrating, and illustrate flip-flop in the mode highly simplified.Although it should be noted that flip-flops all in the drawings is all connected to the leaf node of network, flip-flop also can be connected to the network branches of nonleaf node.Or this functional Circuits System also can comprise any other suitable element.
Integrated circuit 20 further comprises high fan-out network, and it is throughout most integrated circuit region.In the meaning of one's words of present application for patent and patent claim, " high fan-out network " refers to a network with multiple signal line, and it can scatter multiple elements of multiple position in a given signal (agivensignal) to integrated circuit.
High fan-out network can comprise impact damper, phase inverter or repeater, in order to maintain integrality and the circuit of signal.High fan-out network also can comprise the logical block of other suitable kenels, and these logical blocks are equal to impact damper or phase inverter when network is examined.But in logic, such as, at working storage transmitting stage (RegisterTransferLevel:RTL) or inert stage, high fan-out network is be equal to a circuit or a phase inverter in an operation mode, and do not perform anti-phase beyond any logic.Such as, high fan-out network can comprise the high fan-out signal that one scan enable signal network, initiatively shields network, a reset signal network or any other suitable pattern.Wherein, scan enable signals network can scatter a test signal.Initiatively shield network and can scatter a mask voltage or electric current on the conductor layer being arranged at integrated circuit.Reset signal network can scatter a reset signal in integrated circuits to multiple position.At this, above-mentioned scan enable signals network, initiatively shield network or reset signal network can be called as test signal network.
In the example in fig 1, high fan-out network can scatter the signal that is applied to root 40.This signal can be disseminated to the multiple function element in integrated circuit, in the input of this example as multiple flip-flop 24.The end points 44 of each high fan-out network is also referred to as leaf node.In FIG, high fan-out network comprises conducting wire 28 (be also referred to as branch, it should be noted that leaf node is also a kind of branch) and phase inverter, impact damper or repeater 32.
In certain embodiments, integrated circuit 20 contains Circuits System, is used for detecting or latch the attempt of (latching) error injection.In the example in fig 1, integrated circuit 20 comprise multiple sensor 48 (such as flip-flop, latch, edge detector, surging detecting device or (OR) door, with (AND) door, XOR (XOR) door, working storage or its combine), these sensors can sense high fan-out network at multiple respective sampling spot.Each sensor 48 can sense signal (being such as voltage or electric current) at respective sampling spot and produce respective output.These sampling spots can be dispersed on whole integrated circuit region usually, reach maximum sensing range by this.
In certain embodiments, a given sensor 48 can merge logic (consolidatinglogics) unit by some and sense plural sampling spot.Such as, for noble potential start (active-high) network, the OR computing that above-mentioned merging logical block can utilize one or more OR door or OR tree to come on actuating logic.
The output of sensor 48 can be supplied to control module 52.Control module 52 can in conjunction with or process these sensors export, with detect identifiable design make mistake inject attempt abnormal signal, below can describe in detail again.When detecting that error injection is attempted, control module 52 can alert trigger.Extraly or alternatively, control module can take some safeguard measures when detecting that error injection is attempted, the integrated circuit of such as closed portion, or allow the integrated circuit of part be in Reset Status.
The setting of integrated circuit is an exemplary setting in FIG, is illustrate in order to conceptual differentiating purely.In another embodiment, any other suitable integrated circuit also can be used to arrange.Presenting in order to clear, for the element unnecessary when understanding the principle of the invention, such as, being all omitted in the drawings for various interface, control circuit, addressing circuit, sequential circuit and debugging circuit.These different integrated circuit components can be the combination of hardware, software or use software restraint element by implementation.
In certain embodiments, control module 52 carrys out implementation with general processor, can by software program to perform function described here.Such as this software is downloaded to processor by network with electronics kenel.Or software can be provided and/or be stored in the tangible medium of non-once extraly or alternatively, such as, be magnetic, optics or electronic memory.
In certain embodiments, for example, when control module 52 is hardware by implementation, control module 52 can combine with one or more sensor 48.An example of such integration allows certain sensor 48 latch network exception event and directly sends alarm (Alert) signal accordingly.These alarm signals can be kept (maintained), and each alarm signal can be coupled to potentially attacks countermeasure logical block, does not therefore need to be connected to control module 52.Therefore, in the meaning of one's words of present application for patent and patent claim, control module 52 and sensor 48 are collectively referred to as Circuits System, and it performs disclosed technology.Circuits System can be divided into multiple structure or functional unit in any suitable manner.
In another embodiment, one or more in the output of multiple sensor 48 or control module 52 can be used to trigger another alarm signal in integrated circuit 20.Such as, the output discussed can manipulate the working storage and multiple bus-bar protected by parity checking, deliberately to cause a parity error, utilizes other already present Security Countermeasures in integrated circuit by this.
In one embodiment, at least one sampling spot that sensed device 48 or control module 52 sense connects the nonleaf node circuit in paramount fan-out network.In another embodiment, sensor 48 and/or control module 52 are set to detect its at least one change inputted, surging or start level.It should be noted that surging can be from a level to another level in signal voltage or electric current, and a change of level before the short time gets back to.
In another embodiment, sensor 48 and/or control module 52 at least one other testing mechanism from integrated circuit receives multiple input.In another embodiment, due to sending (being such as that high fan-out network detecting device or other attack detectors being embedded in device produce) of alarm signal, control module 52 or sensor 48 can be modified in the network root 40 of high fan-out network or the signal level (such as, forcing this signal to be start) of another branch.
The error injection of already present high fan-out network is utilized to detect
In some embodiments of the invention, control module 52 utilizes the output of sensor 48 to detect the error injection putting on integrated circuit 20 to attack.Various types of attack all can be identified, and these attacks are such as produce in the following manner: the circuit of material contact integrated circuit 20, apply electromagnetic field or laser pulse to integrated circuit, apply interference and attack to the power supply line of integrated circuit or the error injection of other external interface or other kinds.Any such action is to one or more signal wire cause surging or interference in integrated circuit 20.
Control module 52 normally by detecting the abnormal signal in high fan-out network on one or more sampling spot, detects that error injection is attempted.In the meaning of one's words of present application for patent and patent claim, " abnormal signal " refers to that signal (such as, voltage or electric current) deviate from the deviation of any kind that the base form of expection or behavior (level of such as this anticipated signal or time domain waveform) cause.Such as, the base form of described expection or behavior refer to relative to itself behavior and/or relative to the relation between itself and other signals.Such exception such as can be attributed to surging that error injection attempts to cause, the branch's voltage quasi position not mating or do not expect between same network Zhong Liangge branch (sampling spot) or transition.
In certain embodiments, control module 52 applies some logical OR criterion in the output of sensor 48, in order in order to provide the detection of sensitive error injection attempt and reduce the probability of error-detecting.The criterion that control module 52 uses is the characteristic according to high fan-out network, and this high fan-out network specially selects to be used in error injection to detect.As mentioned above, in certain embodiments, high fan-out network can scatter a signal, and during the norma functional operation of integrated circuit, this signal continues and unconditional not start, such as, be scan enable or scanning shift signal.Or, the spreadable signal of high fan-out network, and this signal can change along with the time during the norma functional operation of integrated circuit, such as, be an active shielded signal.
No matter what the type of high fan-out network is, the inconsistency in network between branch all can indicate an error injection.In other cases, being used for the logic of detection signal exception may be different along with the type of high fan-out network.For example, in switching rate network (Slow-TogglingRateNetwork) at a slow speed, from logical zero to logical one and the transition getting back to " 0 " is Height Anomalies at once, be likely error injection attempt.
For example, reset in network one, no matter what (start or non-start) Reset Status is, when not being during network transition, inconsistent network state is the exception of height, is likely error injection attempt.Described inconsistent network state is such as that at least one network branches and other at least one network branches have different levels.Again for example, in one scan enable network, during its normal running (non-test) pattern, if there is at least one network branches to be set up (Assertion), being Height Anomalies, is likely error injection attempt.It should be noted that in the integrated circuit of being correlated with in safety, the multiple test pattern of forbidden energy belongs to common way.Therefore, in the test pattern being such as scan pattern, close testing mechanism usually can not be considered to a threat.
In another example, control module 52 or sensor 48 are attempted to detect doubtful error injection by the output of comparing some sensors.Under normal conditions, all sensors all expection can sense similar signal level.If the signal level sensed in these sensors has difference, and during not being the part of reasonable network transition or maintenance transition more than, be then likely error injection attempt.In an exemplary embodiment, control module 52 can compare both or more in order to the output of the sensor of the leaf node 44 of sensor network, be such as available to the signal of flip-flop 24.It should be noted that this kind of relatively can the signal on network when not being fixing (can reasonably change in time) be performed.Also it may be noted that the branch not being directly connected to flip-flop 24 can be connected to sensor 48 or be directly connected to control module 52.
In another embodiment, control module 52 or sensor 48 are configured to the surging at least one input of sensing itself.It should be noted that this kind of sensing can the signal on network when not fixing (can reasonably change in time) be performed.Such technology can make control module exist, and on the signal ensureing not have surging or network, surging detected under normal operation.An example of this kind of network and signal be those directly the network that drives by the output of flip-flop and signal.
Control module 52 is during the normal running of integrated circuit 20, and particularly during the normal running of high fan-out network, execution error is injected and detected.In other words, the normal signal (being such as scan enable signals or active shielded signal) that high fan-out network is scattered can not be controlled or be suppressed, and network can not switch to any special detecting pattern.It is important that error injection in the normal mode detects, this is because its when needing most (during the normal usage data of integrated circuit) provides protection.Moreover error injection in the normal operation period detects the needs eliminating additional mode commutation circuit (mode-switchingcircuitry) and/or software.
In certain embodiments, the signal level in high fan-out network is not constant completely, but only changes quite lentamente or switch (slowtoggling) at a slow speed.Such behavior is such as occur in initiatively to shield in network, wherein initiatively shields network and can scatter a mask voltage or electric current being arranged on the conductor layer on integrated circuit.In such embodiments, because normal signal changes lentamente or switches at a slow speed, therefore control module 52 signal that can detect transient state (transient) in high fan-out network or change fast, it is likely that error injection is attacked.
Therefore, in certain embodiments, control module 52 can sense the output of sensor, and is detect error injection attempt in the time interval of stable (be such as constant, or the speed at least changed being lower than a scheduled rate) in the normal signal expection of high fan-out network.The type of above-mentioned high fan-out network is illustratively purely.
In another embodiment, disclosed technology can carry out implementation by any other suitable high fan-out network.Usually but not necessarily, the signal that high fan-out network is scattered is asynchronous (ining contrast to usually by data-signal that clock signal samples).
In certain embodiments, in high fan-out network one or more impact damper 32 some be designed that there is extra high sensitivity to carry out transition to actuator state, and some impact damper has lower sensitivity carrys out transition to non-actuator state.Unbalanced like this design add surging that error injection causes be delivered in high fan-out network and the probability that catches by one or more sensor 48.
For example, consider the high fan-out network of electronegative potential start (active-low), wherein some impact damper 32 has the transistor path (being used for transition to actuator state) of low driving and the high transistor path (be used for transition to not actuator state) driven.In one embodiment, the transistor path of low driving can be designed than high driving transistors path more fast with firm.Or the design of any other suitable imbalance can be used.In addition, the present embodiment refers to impact damper 32, such as, but the technology of disclosed imbalance design can use together with other electronic components, and these electronic components can be planted in (inserted) paramount fan-out network, are phase inverter or repeater.
Fig. 2 is the schematic flow diagram illustrating the method detecting error injection according to one embodiment of the invention.The method is from selection of time step 60, and control module 52 have selected time interval, and at this moment, in interval, the normal signal expection of high fan-out network is stable and/or is consistent.It should be noted that for some network types, such as, is scan enable network, and such condition all can meet in a normal operation mode forever.
In sensing step 64, control module 52 senses the output of sensor 48.In other words, control module can sense high fan-out network on multiple sampling spot.In follow-up for anomaly step 68, control module 52 can check whether and find abnormal signal on one or more sampling spot.
If detect exception, in reactions steps 72, control module 52 is understood alert trigger or is adopted some safeguard measures perhaps, to alleviate suspicious error injection attempt.Otherwise the method can get back to step 60.
Although embodiment described here is mainly illustrating that the protection of integrated circuit is to resist error injection; but method and system described here also can be used in other application; be such as the error injection of distributing circuit detect that (such as, by signal interconnective on observation circuit plate) and the capability error being used in distributing circuit and integrated circuit detect other apply.
Although the present invention discloses as above with embodiment; so itself and be not used to limit the present invention, any relevant technical staff in the field, without departing from the spirit and scope of the present invention; when doing a little change and retouching, therefore protection scope of the present invention is when being as the criterion depending on upper attached those as defined in claim.
Claims (21)
1. detect a device for error injection, it is characterized in that, described device comprises:
One high fan-out network, throughout an integrated circuit and not start constantly during the feature operation of described integrated circuit; And
One Circuits System, is configured to the multiple signal level sensing multiple sampling spot in described high fan-out network, and by identifying an error injection attempt based on the described signal level abnormal signal detected in described high fan-out network sensed.
2. the device of detection error injection according to claim 1, is characterized in that, described device more comprises:
One or more electronic component, by in plant to described high fan-out network, one or more electronic component wherein said has one first sensitivity and one second sensitivity, described first sensitivity is configured to transition to not actuator state, described second sensitivity is greater than described first sensitivity, and described second sensitivity is configured to transition to actuator state.
3. the device of detection error injection according to claim 1, is characterized in that, described high fan-out network comprises a test signal network.
4. the device of detection error injection according to claim 1, it is characterized in that, described Circuits System comprises at least one sensor, be configured to sense described signal level on plural described sampling spot, and the described signal level that merging senses is to produce the output of described at least one sensor.
5. the device of detection error injection according to claim 1, it is characterized in that, described Circuits System is configured to compare the described signal level that two or more senses, and is detected described abnormal signal by detecting by the difference between the described signal level that compares.
6. the device of detection error injection according to claim 1, is characterized in that, described Circuits System be configured to described integrated circuit operation at a normal manipulation mode time, sense described signal level constantly and identify described error injection attempt.
7. the device of detection error injection according to claim 1, is characterized in that, described Circuits System is configured to detect logical block from other described integrated circuit and receives at least one input.
8. the device of detection error injection according to claim 1, is characterized in that, described Circuits System is configured to provide at least one another alarm mechanism exported in described integrated circuit, to respond the operation identifying the attempt of described error injection.
9. the device of detection error injection according to claim 1, is characterized in that, described Circuits System is configured to signal level wherein one or many person described in the described high fan-out network of amendment, to respond the operation identifying the attempt of described error injection.
10. detect a device for error injection, it is characterized in that, described device comprises:
One high fan-out network, throughout an integrated circuit; And
One Circuits System, be configured to multiple signal level of multiple sampling spot in the described high fan-out network of sensing with during the feature operation of described integrated circuit, the reasonable signal differentiated in described high fan-out network based on the described signal level sensed makes a variation and abnormal signal, and by detecting an abnormal signal to identify an error injection attempt.
The device of 11. detection error injection according to claim 10, it is characterized in that, described device comprises:
One or more electronic component, by in plant to described high fan-out network, one or more electronic component wherein said has one first sensitivity and one second sensitivity, described first sensitivity is configured to transition to not actuator state, described second sensitivity is greater than described first sensitivity, and described second sensitivity is used for transition to actuator state.
The device of 12. detection error injection according to claim 10, is characterized in that, described high fan-out network comprises a handover network at a slow speed.
The device of 13. detection error injection according to claim 10, it is characterized in that, described Circuits System comprises at least one sensor, be configured to sense described signal level on plural described sampling spot, and the described signal level that merging senses is to produce the output of described at least one sensor.
The device of 14. detection error injection according to claim 10, it is characterized in that, described Circuits System is configured to compare the described signal level that two or more senses, and is detected described abnormal signal by detecting by the difference between the described signal level that compares.
The device of 15. detection error injection according to claim 10, it is characterized in that, described Circuits System is configured to identify one or more time interval, described in one or more time interval described, the described signal level of high fan-out network is contemplated to stable, and described Circuits System be configured to only described in identified one or more time interval just detect described abnormal signal.
The device of 16. detection error injection according to claim 10, is characterized in that, described Circuits System is configured to detect logical block from other described integrated circuit and receives at least one input.
The device of 17. detection error injection according to claim 10, is characterized in that, described Circuits System is configured to provide at least one another alarm mechanism exported in described integrated circuit, to respond the operation identifying the attempt of described error injection.
The device of 18. detection error injection according to claim 10, is characterized in that, described Circuits System is configured to signal level wherein one or many person described in the described high fan-out network of amendment, to respond the operation identifying the attempt of described error injection.
The device of 19. detection error injection according to claim 10, is characterized in that, described Circuits System is configured to detect described abnormal signal by the surging detected at least one described signal level sensed.
20. 1 kinds of methods detecting error injection, it is characterized in that, described method comprises:
Multiple signal level of the multiple sampling spots of sensing in a high fan-out network, wherein said high fan-out network throughout an integrated circuit, and during the functional operation of described integrated circuit, the not start constantly of described high fan-out network; And
By detecting the abnormal signal in described high fan-out network based on the described signal level at described sampling spot, to identify an error injection attempt.
21. 1 kinds of methods detecting error injection, it is characterized in that, described method comprises:
Multiple signal level of the multiple sampling spots of sensing in a high fan-out network, wherein said high fan-out network is throughout an integrated circuit;
During the feature operation of described integrated circuit, the reasonable signal differentiated in described high fan-out network based on the described signal level sensed makes a variation and abnormal signal; And
By detecting an abnormal signal to identify an error injection attempt.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/308,723 | 2014-06-19 | ||
US14/308,723 US9523736B2 (en) | 2014-06-19 | 2014-06-19 | Detection of fault injection attacks using high-fanout networks |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105277871A true CN105277871A (en) | 2016-01-27 |
CN105277871B CN105277871B (en) | 2019-04-02 |
Family
ID=54869421
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510314369.4A Active CN105277871B (en) | 2014-06-19 | 2015-06-10 | Detect the method and apparatus of error injection |
Country Status (3)
Country | Link |
---|---|
US (1) | US9523736B2 (en) |
CN (1) | CN105277871B (en) |
TW (1) | TWI614634B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107179448A (en) * | 2017-07-12 | 2017-09-19 | 北京智慧云测科技有限公司 | Electromagnetism error injection attack method and system |
CN109388956A (en) * | 2017-08-11 | 2019-02-26 | 意法半导体(鲁塞)公司 | Protection to integrated circuit |
CN110945372A (en) * | 2017-06-15 | 2020-03-31 | 耐瑞唯信有限公司 | Method for detecting at least one glitch in an electrical signal and device for carrying out the method |
CN111413607A (en) * | 2020-03-26 | 2020-07-14 | 长沙理工大学 | Method, device, equipment and medium for positioning sensitive door node |
CN112204728A (en) * | 2018-06-01 | 2021-01-08 | Arm有限公司 | Fault injection attack detection in integrated circuits |
CN112506730A (en) * | 2020-11-10 | 2021-03-16 | 中国人民解放军战略支援部队信息工程大学 | Verification platform and verification method suitable for network switching chip ECC function verification |
CN117687395A (en) * | 2024-02-02 | 2024-03-12 | 苏州旗芯微半导体有限公司 | Self-checking circuit and self-checking method for safety mechanism of microcontroller functional module |
Families Citing this family (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9483383B2 (en) * | 2013-12-05 | 2016-11-01 | International Business Machines Corporation | Injecting faults at select execution points of distributed applications |
US9397666B2 (en) | 2014-07-22 | 2016-07-19 | Winbond Electronics Corporation | Fault protection for clock tree circuitry |
US9753826B2 (en) * | 2015-07-21 | 2017-09-05 | International Business Machines Corporation | Providing fault injection to cloud-provisioned machines |
US10289840B2 (en) * | 2017-06-02 | 2019-05-14 | Silicon Laboratories Inc. | Integrated circuit with tamper protection and method therefor |
US20210240823A1 (en) * | 2017-12-18 | 2021-08-05 | Nuvoton Technology Corporation | System and method for coping with fault injection attacks |
US10990682B2 (en) | 2017-12-18 | 2021-04-27 | Nuvoton Technology Corporation | System and method for coping with fault injection attacks |
US10305479B1 (en) * | 2018-06-12 | 2019-05-28 | Nxp B.V. | Fault attack protection against synchronized fault injections |
EP3584737B1 (en) * | 2018-06-19 | 2022-02-23 | Secure-IC SAS | Improved detection of laser fault injection attacks on cryptographic devices |
US11055409B2 (en) | 2019-01-06 | 2021-07-06 | Nuvoton Technology Corporation | Protected system |
US11080157B1 (en) * | 2019-03-22 | 2021-08-03 | Amazon Technologies, Inc. | Automated resiliency analysis in distributed systems |
US11914703B2 (en) * | 2019-07-03 | 2024-02-27 | Nxp B.V. | Method and data processing system for detecting a malicious component on an integrated circuit |
WO2021030958A1 (en) * | 2019-08-16 | 2021-02-25 | 深圳市汇顶科技股份有限公司 | Detection circuit for electromagnetic fault injection, security chip, and electronic device |
US11321457B2 (en) | 2019-09-16 | 2022-05-03 | Nuvoton Technology Corporation | Data-sampling integrity check by sampling using flip-flops with relative delay |
US11244046B2 (en) | 2019-09-16 | 2022-02-08 | Nuvoton Technology Corporation | Data-sampling integrity check using gated clock |
US11366898B2 (en) * | 2019-11-18 | 2022-06-21 | Silicon Laboratories Inc. | Integrated circuit with electromagnetic fault injection protection |
US11321458B2 (en) | 2020-01-28 | 2022-05-03 | Nuvoton Technology Corporation | Secure IC with soft security countermeasures |
US11366899B2 (en) * | 2020-02-18 | 2022-06-21 | Nuvoton Technology Corporation | Digital fault injection detector |
US20230305612A1 (en) * | 2022-03-28 | 2023-09-28 | Mitre Corporation | Characterizing Fault Injection on Power Distribution Networks with Voltage Sensors |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6154045A (en) * | 1998-12-22 | 2000-11-28 | Intel Corporation | Method and apparatus for reducing signal transmission delay using skewed gates |
US20110234307A1 (en) * | 2010-03-24 | 2011-09-29 | Stmicroelectronics (Rousset) Sas | Countermeasure method and device against an attack by fault injection in an electronic microcircuit |
KR101352149B1 (en) * | 2013-01-31 | 2014-01-15 | 부산대학교 산학협력단 | Circuit for detecting optical fault injection based on buffers on reset signal path |
CN103679010A (en) * | 2012-08-29 | 2014-03-26 | Nxp股份有限公司 | Detection arrangement |
CN103870751A (en) * | 2012-12-18 | 2014-06-18 | 中国移动通信集团山东有限公司 | Method and system for intrusion detection |
Family Cites Families (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4860288A (en) | 1987-10-23 | 1989-08-22 | Control Data Corporation | Clock monitor for use with VLSI chips |
US5867409A (en) | 1995-03-09 | 1999-02-02 | Kabushiki Kaisha Toshiba | Linear feedback shift register |
JP4119581B2 (en) | 1999-09-02 | 2008-07-16 | 富士通株式会社 | Data transmission device, data output device, and data transmission method |
KR100423012B1 (en) | 2001-09-28 | 2004-03-16 | 주식회사 버카나와이어리스코리아 | DLL with False Lock Protector |
US7747936B2 (en) | 2004-03-02 | 2010-06-29 | Stmicroelectronics Sa | Device for protection against error injection into an asynchronous logic block of an elementary logic module |
US7372304B2 (en) | 2005-10-04 | 2008-05-13 | Stmicroelectronics, Inc. | System and method for glitch detection in a secure microcontroller |
CN101310191B (en) * | 2005-11-14 | 2011-04-20 | Nxp股份有限公司 | Integrated circuit arrangement and design method |
JP4899556B2 (en) | 2006-03-17 | 2012-03-21 | 富士通セミコンダクター株式会社 | Semiconductor integrated circuit |
US7770049B1 (en) | 2006-03-21 | 2010-08-03 | Advanced Micro Devices, Inc. | Controller for clock skew determination and reduction based on a lead count over multiple clock cycles |
JP4890180B2 (en) | 2006-09-27 | 2012-03-07 | ルネサスエレクトロニクス株式会社 | Clock distribution circuit and test method |
CN101192820B (en) | 2006-11-30 | 2010-06-09 | 中央数位公司 | A delay module and its open loop control device and method |
DE602008003051D1 (en) | 2007-05-18 | 2010-12-02 | St Microelectronics Rousset | Detection of a state fault of a bistable toggle switch of an electronic circuit |
KR101534203B1 (en) | 2008-10-14 | 2015-07-07 | 삼성디스플레이 주식회사 | Data driving apparatus, display comprising the same |
FR2948795A1 (en) * | 2009-07-30 | 2011-02-04 | St Microelectronics Rousset | INJECTION DETECTOR OF FAULTS IN AN INTEGRATED CIRCUIT |
JP5798442B2 (en) | 2011-10-21 | 2015-10-21 | キヤノン株式会社 | Clock distribution circuit and method for forming clock distribution circuit |
US8525597B2 (en) | 2011-11-03 | 2013-09-03 | Freescale Semiconductor, Inc | Clock frequency overshoot detection circuit |
KR20130125036A (en) | 2012-05-08 | 2013-11-18 | 삼성전자주식회사 | System on chip (soc), method of operating the soc, and system having the soc |
TWI472912B (en) | 2012-09-11 | 2015-02-11 | Univ Nat Cheng Kung | Debug control system and method by use of inside-core events served as trigger condition |
TWI484318B (en) | 2013-02-07 | 2015-05-11 | Phison Electronics Corp | Clock data recovery circuit module and method for generating data recovery clock |
US9213358B2 (en) | 2013-10-31 | 2015-12-15 | Qualcomm Incorporated | Monolithic three dimensional (3D) integrated circuit (IC) (3DIC) cross-tier clock skew management systems, methods and related components |
US10318684B2 (en) | 2014-03-21 | 2019-06-11 | Synopsys, Inc. | Network flow based framework for clock tree optimization |
US9231603B2 (en) | 2014-03-31 | 2016-01-05 | International Business Machines Corporation | Distributed phase detection for clock synchronization in multi-layer 3D stacks |
US20150323958A1 (en) | 2014-05-08 | 2015-11-12 | Qualcomm Incorporated | Clock skew management systems, methods, and related components |
US9397666B2 (en) | 2014-07-22 | 2016-07-19 | Winbond Electronics Corporation | Fault protection for clock tree circuitry |
US9397663B2 (en) | 2014-07-22 | 2016-07-19 | Winbond Electronics Corporation | Fault protection for high-fanout signal distribution circuitry |
-
2014
- 2014-06-19 US US14/308,723 patent/US9523736B2/en active Active
-
2015
- 2015-05-27 TW TW104117010A patent/TWI614634B/en active
- 2015-06-10 CN CN201510314369.4A patent/CN105277871B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6154045A (en) * | 1998-12-22 | 2000-11-28 | Intel Corporation | Method and apparatus for reducing signal transmission delay using skewed gates |
US20110234307A1 (en) * | 2010-03-24 | 2011-09-29 | Stmicroelectronics (Rousset) Sas | Countermeasure method and device against an attack by fault injection in an electronic microcircuit |
CN103679010A (en) * | 2012-08-29 | 2014-03-26 | Nxp股份有限公司 | Detection arrangement |
CN103870751A (en) * | 2012-12-18 | 2014-06-18 | 中国移动通信集团山东有限公司 | Method and system for intrusion detection |
KR101352149B1 (en) * | 2013-01-31 | 2014-01-15 | 부산대학교 산학협력단 | Circuit for detecting optical fault injection based on buffers on reset signal path |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110945372A (en) * | 2017-06-15 | 2020-03-31 | 耐瑞唯信有限公司 | Method for detecting at least one glitch in an electrical signal and device for carrying out the method |
CN110945372B (en) * | 2017-06-15 | 2022-06-14 | 耐瑞唯信有限公司 | Method for detecting at least one spur in an electrical signal and device for carrying out said method |
CN107179448A (en) * | 2017-07-12 | 2017-09-19 | 北京智慧云测科技有限公司 | Electromagnetism error injection attack method and system |
CN109388956A (en) * | 2017-08-11 | 2019-02-26 | 意法半导体(鲁塞)公司 | Protection to integrated circuit |
CN112204728A (en) * | 2018-06-01 | 2021-01-08 | Arm有限公司 | Fault injection attack detection in integrated circuits |
CN111413607A (en) * | 2020-03-26 | 2020-07-14 | 长沙理工大学 | Method, device, equipment and medium for positioning sensitive door node |
CN111413607B (en) * | 2020-03-26 | 2021-05-28 | 长沙理工大学 | Method, device, equipment and medium for positioning sensitive door node |
CN112506730A (en) * | 2020-11-10 | 2021-03-16 | 中国人民解放军战略支援部队信息工程大学 | Verification platform and verification method suitable for network switching chip ECC function verification |
CN112506730B (en) * | 2020-11-10 | 2022-11-01 | 中国人民解放军战略支援部队信息工程大学 | Verification platform and verification method suitable for network switching chip ECC function verification |
CN117687395A (en) * | 2024-02-02 | 2024-03-12 | 苏州旗芯微半导体有限公司 | Self-checking circuit and self-checking method for safety mechanism of microcontroller functional module |
CN117687395B (en) * | 2024-02-02 | 2024-04-16 | 苏州旗芯微半导体有限公司 | Self-checking circuit and self-checking method for safety mechanism of microcontroller functional module |
Also Published As
Publication number | Publication date |
---|---|
TWI614634B (en) | 2018-02-11 |
US9523736B2 (en) | 2016-12-20 |
US20150369865A1 (en) | 2015-12-24 |
TW201600998A (en) | 2016-01-01 |
CN105277871B (en) | 2019-04-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105277871A (en) | Method and apparatus for detecting fault injection | |
Yang et al. | A2: Analog malicious hardware | |
Gnad et al. | Voltage drop-based fault attacks on FPGAs using valid bitstreams | |
Höller et al. | Qemu-based fault injection for a system-level analysis of software countermeasures against fault attacks | |
US11681795B2 (en) | Method, system and apparatus for security assurance, protection, monitoring and analysis of integrated circuits and electronic systems in relation to hardware trojans | |
CN105408911A (en) | Hardware and software execution profiling | |
CN105103158A (en) | Profiling code execution | |
Prinetto et al. | Hardware Security, Vulnerabilities, and Attacks: A Comprehensive Taxonomy. | |
Yuce et al. | FAME: Fault-attack aware microprocessor extensions for hardware fault detection and software fault response | |
CN103425942A (en) | Tamper detector for secure module | |
CN103712642A (en) | Method and apparatus for realizing self-detection of safety detector | |
Milosevic et al. | Malware in IoT software and hardware | |
Konstantinou et al. | Phylax: Snapshot-based profiling of real-time embedded devices via jtag interface | |
US11366898B2 (en) | Integrated circuit with electromagnetic fault injection protection | |
CN105074833B (en) | The device that unauthorized for identifying the system mode to control and adjustment unit manipulates and the nuclear facilities with the device | |
Polian et al. | Counteracting malicious faults in cryptographic circuits | |
Galathy et al. | A systematic approach to fault attack resistant design | |
Reeves et al. | Lightweight intrusion detection for resource-constrained embedded control systems | |
Unger et al. | Functional Safety Test Strategy for Automotive Microcontrollers During Electro-Magnetic Compatibility Characterization | |
Coşkun et al. | VAST: Validation of VP-based Heterogeneous Systems against Availability Security Properties using Static Information Flow Tracking | |
CN107590382A (en) | A kind of malware detection analysis method and device based on virtual machine Dynamic Execution | |
CN115146265A (en) | Security system | |
Rajendran et al. | Sensitivity analysis of testability parameters for secure IC design | |
Pothukuchi et al. | Maya: Using formal control to obfuscate power side channels | |
Lou et al. | Cybersecurity analysis of industrial control system functionality |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |